CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2021-21972

CVSS 9.8v3.1pub. 2021-02-24upd. 2025-10-30

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • VMware Cloud Foundation

    APP
    Vmware
    3.0 – 3.10.1.2 (bez)4.0 – 4.2 (bez)
  • VMware Vcenter Server

    APP
    Vmware
    6.56.77.0

CISA KEV — detailsi

Vendori
VMware
Producti
vCenter Server
Added to KEVi
November 3, 2021
Remediation deadline (US Federal)i
November 17, 2021(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to port 443 to execute commands with unrestricted privileges on the underlying operating system.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 17 listopada 2021
Tags
RCEPath Traversal
CWE
References

Related vulnerabilities

CVE-2025-22224CRITICAL9.3⚠ KEVPL ✓ten sam produkt

VMware ESXi/Workstation: TOCTOU umożliwia ucieczkę z VM przez VMX process

CVE-2024-38812CRITICAL9.8⚠ KEVPL ✓ten sam produkt

VMware vCenter Server — heap-overflow w DCERPC umożliwia RCE

CVE-2024-37079CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Heap overflow w VMware vCenter Server via protokół DCERPC — RCE

CVE-2023-34048CRITICAL9.8⚠ KEVten sam produkt

vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A m...

CVE-2022-22954CRITICAL9.8⚠ KEVten sam produkt

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-s...